I hate 2FA Hell
(hexbear.net)
Ya it's a big problem IMHO. Last time my phone was fucked I couldn't pay rent or anything because I couldn't log into my bank because I couldn't get the SMS. I use a password manager and have TOTP set up for important accounts but a lot of these big institutions only support SMS.
I heard about a guy who got his Google account deleted because a computer wrongly thought he had CSAM. (During COVID his small child had a genital rash so he took a picture and emailed it for a virtual medical visit as the clinic requested.) They deleted everything and "don't have backups" so even tho Google admitted it was an error they will not restore it. So he couldn't log into anything, no email, cross-site logins, his phone didn't work, even TOTP I think via Authy. All just gone.
It's not the exact same situation but shows what a tangled web has been created and so precarious.
it's part of my job to think about this for companies, and you'd think that would make me feel confident in my ability to create a robust backup system with failsafes for all of these logins. instead i'm hyper-aware of how screwed I'd be with loss of access to any given point of failure and constantly anxious about it, bc it takes a literal team of people to set up and maintain that sort of thing
twice as bad if you're concerned about data privacy or opsec. like sometimes the options are "give my phone number to some company i inherently don't trust" or "accept the risk that it will be impossible to recover this account if I lose access to my email address"
the problem, and it seems like a legitimate problem, is that in this context a backup is also a back door.
I don't know how it is possible to have any amount of security without the possibility of being totally locked out in some situations. how can you assure that you can reset a password but prevent anyone else?
It seems intractable. Password managers have been available for a long time and if people haven't started using them yet en masse I see no reason to expect they might any time soon.